New malware attacking Android devices to be watched, NCC warns
The Nigerian Communications Commission (NCC) has alerted Nigerians to a new malware specifically attacking Android devices.
NCC explained that the malware, named ‘AbstractEmu’, can gain access to smartphones, take complete control of infected smartphones and silently modify device settings while simultaneously taking steps to evade detection.
NCC in a statement signed by its Director of Public Affairs, Dr. Ike Adinde, explained that the AbstractEmu has been found to be distributed via Google Play Store and third-party stores such as the Amazon Appstore and the Samsung Galaxy Store, as well as other lesser-known marketplaces like Aptoide and APKPure.
The advisory stated that a total of 19 Android applications that posed as utility apps and system tools like password managers, money managers, app launchers, and data saving apps have been reported to contain the rooting functionality of the malware.
The apps are said to have been prominently distributed via third-party stores such as the Amazon Appstore and the Samsung Galaxy Store, as well as other lesser-known marketplaces like Aptoide and APKPure. The apps include All Passwords, Anti-ads Browser, Data Saver, Lite Launcher, My Phone, Night Light and Phone Plus, among others.
The ngCERT advisory also captured the consequences of making their devices susceptible to AbstractEmu attack. Once installed, the attack chain is designed to leverage one of five exploits for older Android security flaws that would allow it to gain root permissions. It also takes over the device, installs additional malware, extracts sensitive data, and transmits to a remote attack-controlled server.
Additionally, the malware can modify the phone settings to give app ability to reset the device password, or lock the device, through device admin; draw over other windows; install other packages; access accessibility services; ignore battery optimisation; monitor notifications; capture screenshots; record device screen; disable Google Play Protect; as well as modify permissions that grant access to contacts, call logs, Short Messaging Service (SMS), Geographic Positioning System (GPS), camera, and microphone.
The ngCERT also asserts in the advisory that, while the malicious apps were removed from Google Play Store, the other app stores are likely distributing them. Consequently, the NCC wishes to reiterate a two-fold ngCERT advisory in order to mitigate the risks. The two-fold advisory include: users should be wary of installing unknown or unusual apps, and look out for different behaviours as they use their phones; reset your phone to factory settings when there is suspicion of unusual behaviours in your phone.
The four tech startups are: Clearflow System Hub, Aelaus Engineering Teams/Hyech Electronics Solutions, Kalibotics, and CyberNorth Tech.
They emerged winners of Virtual NCC Internet of Things (IoT) Code Camp and Hackathon 2021, and they received N5 million each for their innovative technology solutions aimed at making life better for Nigerians.
While the first two startups, Clearflow System Hub and Aelaus Engineering Teams/Hyech Electronics Solutions, emerged winners on IoT category on kidnapping and banditry, Kalibotics and CyberNorth Tech, emerged winners on assistive robotics for effective e-waste management solutions.
The grant was for the novel digital solutions of four startups, aimed at finding innovative digital solutions in addressing the challenges of insecurity and to stem the growth in national e-waste rates, while advancing the frontier of Internet of Things (IoT) in Nigeria.